Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] SolrJ/Solr: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

On Thu, Jun 1, 2023 at 5:43 PM Shawn Heisey <eclipse@xxxxxxxxxxxx> wrote:
On 6/1/23 15:45, Jesse McConnell wrote:
> Your best bet would be to do at Greg said and capture the actual request
> failing on the wire using wireshark or tcpdump, or get a
> HttpChannel.Listener[1] set up in the server so you can see what is
> happening there.

I do not have access to the private key for the TLS certificate.

Even if I did, I have found that Wireshark cannot decrypt HTTPS if a
modern cipher is being used.  Solr 9 requires at least Java 11, and that
is the version being used.  I would expect Java 11, Jetty Server 9, and
Jetty client 10 to be utilizing a modern cipher.  Browser connections to
Solr are using TLS 1.2 with the cipher named

This has been possible in Wireshark since 2016 and its support for the SSLKEYLOGFILE format.
You'll need this from either the User Agent (Browser / HttpClient) or the Server for success.

Unfortunately Java doesn't export this file by default.
The output from `` has the information, but not in the correct SSLKEYLOGFILE format that Wireshark needs.
You can, instead, use a Java Agent (on the client side) to export this information automatically for you.

- Joakim

Back to the top